Sthitaprajna saw fit to inform LI that:
>When we use some pop client like fetchmail to retrieve mails from
>remote servers, how secure is it? On your own machines, you change
>the file perms so that it is readable only by you, but what when the
>password is sent via the net for authentication? I am sure it can be
>sniffed. Is there any way instead of ssh to send encrypted passwords?
>Or is there just no second option to a static IP and mailbox?
You can tunnel fetchmail via ssh of course. However, see what ESR has to
say in the fetchmail faq -
http://www.tuxedo.org/~esr/fetchmail/fetchmail-FAQ.html#G9
Part quote :
> In general there is little point in trying to secure your fetchmail
> transaction unless you trust the security of the server host you are
> retrieving mail from. Your vulnerability is more likely to be an
> insecure local network on the server end (e.g. to somebody with a
> TCP/IP packet sniffer intercepting Ethernet traffic between the modem
> concentrator you dial in to and the mailserver host).
He suggests that if you're still paranoid, tunnel your fetchmail through
ssh and use pgp / gnupg or whatever on everything you send.
--
Suresh Ramasubramanian + [EMAIL PROTECTED]
I took a course in speed reading and was able to read War and Peace in
twenty minutes. It's about Russia.
-- Woody Allen
-----------------------------------------------------------------------
Check out the 'What to do before posting to the list' site
for a list of things to try before posting. The site is
at http://botsie.tripod.com/beforeposting/
